Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet][RBAC v2] Update agent_status route to use calculateRouteAuthz #147696

Merged
merged 12 commits into from
Jan 3, 2023
Merged

[Fleet][RBAC v2] Update agent_status route to use calculateRouteAuthz #147696

merged 12 commits into from
Jan 3, 2023

Conversation

ashokaditya
Copy link
Member

@ashokaditya ashokaditya commented Dec 16, 2022
edited
Loading

Summary

Follow up PR to update api/fleet/agent_status route.
refs /pull/145361
refs elastic/security-team/issues/5539

Checklist

For maintainers

@ashokaditya ashokaditya self-assigned this Dec 16, 2022
@ashokaditya ashokaditya added Team:Defend Workflows “EDR Workflows” sub-team of Security Solution OLM Sprint 8.7 candidate labels Dec 16, 2022
@ashokaditya ashokaditya force-pushed the task/olm-update-fleet-agent-status-API-5620 branch 5 times, most recently from 2efe8ee to 6a48b92 Compare December 20, 2022 11:56
juliaElastic
juliaElastic approved these changes Dec 20, 2022
View reviewed changes
Copy link
Contributor

@juliaElastic juliaElastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

paul-tavares
paul-tavares reviewed Dec 21, 2022
View reviewed changes
x-pack/plugins/fleet/server/services/security/route_required_authz.ts Outdated
Comment on lines 138 to 153
actions: {
readPolicyManagement: {
executePackageAction: true,
},
readTrustedApplications: {
executePackageAction: true,
},
readEventFilters: {
executePackageAction: true,
},
readHostIsolationExceptions: {
executePackageAction: true,
},
readBlocklist: {
executePackageAction: true,
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we use this API in all of this areas of Security Solution?

I thought it was only used in Policy Details, but maybe I'm wrong. Let me know

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, you're right. I'll remove the other artifacts' privileges.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done 2140128

.../plugins/security_solution/server/endpoint/services/fleet/endpoint_fleet_services_factory.ts Outdated
@@ -48,7 +48,7 @@ export class EndpointFleetServicesFactory implements EndpointFleetServicesFactor
packages: packageService.asScoped(req),
packagePolicy,

asInternal: this.asInternalUser.bind(this),
asScoped: this.asScoped.bind(this),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please revert. This was by design to provide the ability for the caller to still access an internal client if needed.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. Will revert so that asScoped has the internal client.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reverted 4f0ac7a

.../plugins/security_solution/server/endpoint/services/fleet/endpoint_fleet_services_factory.ts Outdated Show resolved Hide resolved
.../plugins/security_solution/server/endpoint/services/fleet/endpoint_fleet_services_factory.ts Outdated Show resolved Hide resolved
@ashokaditya ashokaditya force-pushed the task/olm-update-fleet-agent-status-API-5620 branch from 180a782 to 4f0ac7a Compare December 22, 2022 10:10
@ashokaditya ashokaditya marked this pull request as ready for review December 22, 2022 10:10
@ashokaditya ashokaditya requested a review from a team as a code owner December 22, 2022 10:10
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

@ashokaditya ashokaditya added the release_note:feature Makes this part of the condensed release notes label Dec 22, 2022
@botelastic botelastic bot added the Team:Fleet Team label for Observability Data Collection Fleet team label Dec 22, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

kpollich
kpollich approved these changes Dec 27, 2022
View reviewed changes
Copy link
Member

@kpollich kpollich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reapproving for Fleet codeowners review since it seems like @juliaElastic's review came before a Fleet team ping.

paul-tavares
paul-tavares approved these changes Jan 3, 2023
View reviewed changes
Copy link
Contributor

@paul-tavares paul-tavares left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚢 it

@ashokaditya ashokaditya enabled auto-merge (squash) January 3, 2023 18:32
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @ashokaditya

@ashokaditya ashokaditya merged commit 72d2f75 into elastic:main Jan 3, 2023
@kibanamachine kibanamachine added v8.7.0 backport:skip This commit does not require backporting labels Jan 3, 2023
@ashokaditya ashokaditya deleted the task/olm-update-fleet-agent-status-API-5620 branch January 4, 2023 08:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juliaElastic juliaElastic juliaElastic approved these changes

@paul-tavares paul-tavares paul-tavares approved these changes

@kpollich kpollich kpollich approved these changes

Assignees

@ashokaditya ashokaditya

Labels
8.7 candidate backport:skip This commit does not require backporting OLM Sprint release_note:feature Makes this part of the condensed release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team:Fleet Team label for Observability Data Collection Fleet team v8.7.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@ashokaditya @elasticmachine @kibana-ci @kpollich @paul-tavares @juliaElastic @kibanamachine